Jan Grashoefer created BIT-1507:
-----------------------------------
Summary: Intel framework does not match mail addresses properly
Key: BIT-1507
URL: https://bro-tracker.atlassian.net/browse/BIT-1507
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.4
Environment: All
Reporter: Jan Grashoefer
Priority: Low
Some time ago someone in #bro asked for matching mail addresses using the
intel-framework. We realized that the
[seen-script|https://github.com/bro/bro/blob/master/scripts/policy/frameworks/intel/seen/smtp.bro]
seems to contain a bug: Using {code}split_string_n(mail_address, /<.+>/, T,
1){code} to extract a mail address misses the last character and does not
respect the possibility of multiple addresses.
I will add a pcap later.
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-08-005#70107)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
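
Added example (not part of the original report and not Bro's own code): a Python model of the multiple-address problem described in the report, with Python's re standing in for the /<.+>/ pattern. The header values, the intel set and all function names are constructed for illustration.

```python
import re
from email.utils import getaddresses

# Constructed sample header values (not taken from a real capture).
SINGLE = "Alice <alice@example.com>"
MULTI = "Alice <alice@example.com>, Bob <bob@example.net>"

# Constructed set of e-mail indicators, standing in for loaded intel data.
INTEL = {"alice@example.com", "bob@example.net"}

# The pattern quoted in the report. ".+" takes the longest possible match,
# so on a header with several addresses it runs from the first "<" to the
# last ">".
BRACKETED = re.compile(r"<.+>")


def extract_single_match(header):
    """Model of the reported approach: one <...> match per header value."""
    m = BRACKETED.search(header)
    if m is None:
        return []
    return [m.group(0)[1:-1].lower()]  # drop the enclosing "<" and ">"


def extract_all(header):
    """Parse the header as an address list and return every address."""
    return [addr.lower() for _name, addr in getaddresses([header]) if addr]


def intel_hits(extractor, header, intel=INTEL):
    """Indicators from `intel` that the given extractor would report as seen."""
    return {addr for addr in extractor(header) if addr in intel}


if __name__ == "__main__":
    for header in (SINGLE, MULTI):
        print(repr(header))
        print("  single match:", extract_single_match(header),
              "->", sorted(intel_hits(extract_single_match, header)))
        print("  address list:", extract_all(header),
              "->", sorted(intel_hits(extract_all, header)))
```

With the single-match extractor the two-recipient header yields one string that is not a valid address, so neither indicator is reported as seen even though both are present.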